Docs..

Comprehensive guides and references for the WideSec platform.

Introduction

Welcome to the WideOps documentation. This guide will help you understand and implement our security scanning solutions effectively.

Key Features

Automated security scanning
Real-time vulnerability detection
Comprehensive reporting

Getting Started

Follow these simple steps to start using the API:

Log In: Click on the Login button to start the authentication process.
Grant Permissions: After logging in, you will be prompted to grant the necessary permissions to access your data.

Note: For authentication, no need more than viewer permission, lack of permission may cause some resources not to be scanned.

Specify Resources: Enter the details of the resources you want to scan in the provided input field.
Submit: Click the Submit button to initiate the scanning process based on the specified resources.

If you encounter any issues or need further assistance, please refer to our support team - [email protected]

Basic Usage - API

For complete details on how to use the API, visit the

API Documentation.

To interact with the API, you must authenticate using a valid token.

User Authentication

If you are already logged in to gcloud, authenticate your requests by adding the following header:

Service Account Authentication

To use a service account for authentication, first obtain a token using:

API Example Usage using user authentication

Retrieve a specific report:

Delete a report:

API Example Usage using service account authentication

Retrieve a specific report:

Delete a report:

Note

We never save your token or credentials in DB or Disk. Since the tool leverages your credentials, we cannot create a scheduled scan automatically.

As a workaround, you can create a cron job to automate scans using your service account. Here's how to set it up:

Replace the service account key with your actual values and run the command (Linux):

(crontab -l 2>/dev/null; echo "0 0 * * * /bin/bash -c \"TOKEN=\$(curl -s -X POST https://sec.wideops.com/api/key -F key=@/path/to/key.json -F token_lifetime=10 | awk -F'[,:]' '{for(i=1;i<=NF;i++){if(\$i~/\"token\"/){print \$(i+1)}}}' | tr -d '\" }') && curl -X POST http://sec.wideops.com/api/scan -H 'Content-Type: application/json' -H 'Authorization: Bearer \$TOKEN' -d '{\"org_id\": \"123\", \"folder_ids\": [\"folder1\", \"folder2\"], \"project_ids\": [\"proj1\", \"proj2\"], \"enabled-services\": [\"service1\", \"service2\"]}'\"") | crontab -

Alternative approach using cloud functions scheduler:

1. Create a cloud function that triggers the scan

import json
import requests

def token_and_scan(request):
    # This function will be triggered by Cloud Scheduler
    
    # Post to get the token
    response = requests.post(
        "https://sec.wideops.com/api/key",
        files={'key': ('key.json', open('/path/to/key.json', 'rb'), 'application/json')},
        data={'token_lifetime': '10'}
    )
    token = response.json().get('token')

    # Use the token to post to another API
    headers = {
        'Content-Type': 'application/json',
        'Authorization': f'Bearer {token}'
    }
    data = json.dumps({
        'org_id': '123',
        'folder_ids': ['folder1', 'folder2'],
        'project_ids': ['proj1', 'proj2'],
        'enabled_services': ['service1', 'service2']
    })
    result = requests.post('http://sec.wideops.com/api/scan', headers=headers, data=data)
    
    return f"Status Code: {result.status_code}, Response: {result.text}"

2. Create a Service account with permissions:

3. Create a Cloud Function

4. Set the schedule to run at the desired frequency

Frequently Asked Questions (FAQs)

Data Protection Measures: In the unfortunate event of a data leak, our system is designed with multiple layers of security. The first layer involves encrypting all data stored in Cloud SQL. Beyond this primary safeguard, we implement an additional layer of encryption specifically for sensitive information.

This layered approach ensures that any data potentially accessed by unauthorized parties remains encrypted and, therefore, unreadable. We continually monitor and update our security protocols to protect your data effectively.

Understanding the importance of data sovereignty, we offer the option to utilize Customer-Managed Encryption Keys (CMEK). With CMEK, you're in complete control of the encryption keys and, by extension, the security of your data.

This means that no one but you, not even our team, can access or decrypt your data. It's a powerful way to ensure that your data remains secure and under your control at all times.

Key Management Caution: Losing access to your Customer-Managed Encryption Key is a critical situation. Without the key, the encrypted data stored in our services becomes inaccessible and is effectively irretrievable.

This underscores the importance of implementing robust key management practices, such as maintaining backups of your keys in secure locations. Our team is available to provide guidance on best practices for key management to prevent such scenarios.

Yes, you have full control over your reports and data. They can be deleted after scanning as per your requirement.

No, we do not sell, use, or engage in any activities with your data. Even if we wished to, all data is encrypted, ensuring its confidentiality and integrity.

This issue may be related to permissions. Even with organization-level access, roles such as roles/resourcemanager.folderViewer are necessary for full visibility.

Certain services, such as SQL, utilize two APIs: a component and an admin API. It's possible the relevant API needed for scanning is not enabled.

We're delighted to hear of your interest! To become a client and explore our offerings beyond this product, please reach out to us. We have a lot to offer and are excited to work with you.

Data privacy and user consent are at the core of our operations. We adhere to stringent data protection regulations and implement best practices to ensure that all user data is handled responsibly. Here's how we do it:

User Consent: We collect consent explicitly through clear, understandable language and provide users with control over their data.
Data Minimization: We only collect necessary data required for our services, ensuring minimal data retention.
Transparency: Our privacy policy details how we collect, use, and protect user data, maintaining complete transparency.

We continuously monitor and update our practices to ensure compliance with evolving data protection laws and standards. For more info, go to Privacy and Terms.

If you need assistance, please use the contact button above.

We pride ourselves on providing timely and helpful support to all our users. Don't hesitate to get in touch with us for any reason.

Docs..

Introduction

Key Features

Getting Started

Basic Usage - API

API Documentation.

User Authentication

Service Account Authentication

API Example Usage using user authentication

API Example Usage using service account authentication

Note

Frequently Asked Questions (FAQs)

What happens if there is a data leak on the website?

I want control over my data and do not want you to manage our keys.

What happens if I forget the key when using CMEK?

Can I delete reports and data after scanning?

Are you using our data?

I ran a scan and don't see all my projects.

I have a service that includes resources like Cloud SQL or Cloud Storage, but they are not being scanned.

I like the product but am not currently a customer. How can I start using it?

How do you handle data privacy and user consent?

What support options are available if I need help?